説明
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
AI分析AIによる分析
影響を受ける製品
nextclouddeck
1.0.4
参照
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory
- https://hackerone.com/reports/916704ExploitThird Party Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-036Vendor Advisory